tag:blogger.com,1999:blog-3421984462344108380.post5643996001884443232..comments2020-06-04T15:39:56.523-04:00Comments on Open Security Research: Secure Usage of Android Webview:Unknownnoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-3421984462344108380.post-31210388074606884642014-04-08T17:59:59.299-04:002014-04-08T17:59:59.299-04:00Should also point out that Webviews are not able t...Should also point out that Webviews are not able to use the standard Android certificate pinning approach as they don&#39;t expose the connection APIs to you so you can set the SSLSocketFactory or TrustManager to one that does pinning. You would have to use shouldInterceptRequest and make connections yourself and return the data; suppressing the webview&#39;s connections. However, this API is only in API level 11 and higher (Honeycomb+), meaning that Webviews on Android prior to Honeycomb cannot be secured from MiTM.Anonymoushttps://www.blogger.com/profile/05804748043244078290noreply@blogger.com